L.2 Application of clause 4
3GPP TS 33.203: 3G Security; Access security for IP-based services
In 3GPP IMS, the ISIM is mandated to be present on the UICC, which is usually inserted within the MT component of the UE. In NGN-UEs, the ISIM shall be provided on the UICC, which shall be inserted within either:
1) The TE; or
2) The IMS Residential Gateway (IRG).
NOTE: The exact definition of IRG can be found in ETSI TS 187 003 [57].
Where the TE and IRG each contain a UICC with an ISIM, the ISIM should be used in the following order of preference: TE, IRG.
Figure L.1
Figure L.1 redraws figure 1 of the main body of the present document, replacing the 3GPP-specific transport domain with the Generic IP transport domain. The following observations support figure L.1.
1) The IMS is independent of the transport network.
2) Generic Entities (GE) equivalent to the 3GPP transport entities will be present in the Generic IP transport domain.
3) In the NGN architecture the AuC/HSS functionality is performed by the UPSF.
4) The Security Associations (SA) (referring to the corresponding arrows in Figure L.1) are retained:
a) SA-1, SA-3, SA-4 and SA-5 are endorsed by this annex.
b) SA-2 is endorsed by this annex with the extension to ensure transport across NAT/Firewall boundaries.
There exist other interfaces and reference points in IMS which have not been addressed above. Those interfaces and reference points reside within the IMS, either within the same security domain or between different security domains (see figure L.2). All such interfaces and reference points (which may include other subsystems), apart from the Gm reference point, are protected as specified in TS 33.210 [5].
Figure L.2
Annex M (normative):
Enhancements to the access security for IP based services to enable NAT traversal for signaling messages